[patch 2/2] fork_connector: fix problem in the message lenght
From: Guillaume Thouvenin
Date: Thu Mar 17 2005 - 04:08:04 EST
This patch fixes a bug in the __cn_rx_skb() routine when checking the
size of the netlink message.
It applies to 2.6.11-mm4.
Signed-off-by: Evgeniy Polyakov <johnpol@xxxxxxxxxxx>
---
connector.c | 9 ++++-----
1 files changed, 4 insertions(+), 5 deletions(-)
Index: linux-2.6.11-mm4-cnfork/drivers/connector/connector.c
===================================================================
--- linux-2.6.11-mm4-cnfork.orig/drivers/connector/connector.c 2005-03-16 14:21:46.000000000 +0100
+++ linux-2.6.11-mm4-cnfork/drivers/connector/connector.c 2005-03-16 14:51:04.000000000 +0100
@@ -168,12 +168,11 @@
group = NETLINK_CB((skb)).groups;
msg = (struct cn_msg *)NLMSG_DATA(nlh);
- if (msg->len != nlh->nlmsg_len - sizeof(*msg) - sizeof(*nlh)) {
+ if (NLMSG_SPACE(msg->len + sizeof(*msg)) != nlh->nlmsg_len) {
printk(KERN_ERR "skb does not have enough length: "
- "requested msg->len=%u[%u], nlh->nlmsg_len=%u[%u], skb->len=%u[must be %u].\n",
- msg->len, NLMSG_SPACE(msg->len),
- nlh->nlmsg_len, nlh->nlmsg_len - sizeof(*nlh),
- skb->len, msg->len + sizeof(*msg));
+ "requested msg->len=%u[%u], nlh->nlmsg_len=%u, skb->len=%u.\n",
+ msg->len, NLMSG_SPACE(msg->len + sizeof(*msg)),
+ nlh->nlmsg_len, skb->len);
kfree_skb(skb);
return -EINVAL;
}
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/